Archive

The use of open, unprotected Wi-Fi networks has become increasingly popular across the globe. Whether you’re traveling around a new city and rely on public Wi-Fi networks to get around or you’re at your favorite coffee shop and connect to its Wi-Fi, you’re left in a vulnerable situation when it comes to protecting your data. Just as you lock the door of your house when you leave, you should also use a security app if using public Wi-Fi.

Using unsecured Wi-Fi can easily expose photos and other personal information to hackers.

Avast’s hack experiment examines browsing habits of people across the globe

The Avast team recently undertook a global hacking experiment, where our mobile security experts traveled to cities in the United States, Europe, and Asia to observe the public Wi-Fi activity in nine major metropolitan areas. Our experiment revealed that most mobile users aren’t taking adequate steps to protect their data and privacy from cybercriminals. In the U.S., the Avast mobile experts visited Chicago, New York, and San Francisco; in Europe, they visited Barcelona, Berlin, and London; and in Asia, they traveled to Hong Kong, Seoul, and Taipei. Each of our experts was equipped with a laptop and a Wi-Fi adapter with the ability to monitor the Wi-Fi traffic in the area. For this purpose, we developed a proprietary app, monitoring the wireless traffic at 2.4 GHz frequency. It’s important to mention that there are commercial Wi-Fi monitoring apps like this available in the market that are easy-to-use, and available for free.

In front of the German Bundestag, Berlin: On public Wi-Fi, log in details can easily be monitored.

The study revealed that users in Asia are the most prone to attacks. Users in San Francisco and Barcelona were most likely to take steps to protect their browsing, and users in Europe were also conscious about using secure connections. While mobile users in Asia were most likely to join open networks, Europeans and Americans were slightly less so; in Seoul, 99 out of 100 users joined unsecured networks, compared with just 80 out of 100 in Barcelona.

1) Seoul: 99 out of 100

2) Hong Kong: 98 out of 100

3) Taipei: 97 out of 100

4) Chicago: 96 out of 100

5) New York: 91 out of 100

6) Berlin: 88 out of 100

7) London: 83 out of 100

8) Barcelona: 80 out of 100

9) San Francisco: 80 out of 100

Our experiment shed light on the fact that a significant portion of mobile users browse primarily on unsecured HTTP sites. Ninety-seven percent of users in Asia connect to open, unprotected Wi-Fi networks. Seven out of ten password-protected routers use weak encryption methods, making it simple for them to be hacked. Nearly one half of the web traffic in Asia takes place on unprotected HTTP sites, compared with one third U.S. traffic and roughly one quarter of European traffic. This can most likely be attributed to the fact that there are more websites in Europe and the U.S. that use the HTTPS protocol than in Asia.

So, how much of your browsing activity can actually be monitored?

Because HTTP traffic is unprotected, our team was able to viewall of the users’ browsing activity, including domain and page history, searches, personal log in information, videos, emails, and comments. Read more…

Earlier this month, as the Sony Entertainment breach was making headlines, Sony’s PlayStation Network (PSN) was knocked offline due to an alleged hacking attack. On Christmas morning, just as kids everywhere were unwrapping their new PlayStation and Xboxes, the PSN and Microsoft’s Xbox Live network were both disrupted leading to speculation that they were once again hacked. A group calling themselves Lizard Squad claiming responsibility for the attacks via Twitter.

As of now, PlayStation is still offline and PSN is directing users to their @AskPlayStation Twitter account for updates.

Please follow @AskPlayStation to get the latest updates as we work to restore full network functionality.

2014 has been an active year for cybercrime. Let’s start with the most recent and then take a look at some of the other important security events of the year.

State-sponsored espionage

We are ending the year with the most publicized and destructive hack of a major global company by another country – now identified as North Korea. The Sony Entertainment attack, still being investigated by the FBI, resulted in the theft of 100 terabytes of confidential employee data, business documents, and unreleased films. It was an attack on privacy due to the theft of a massive amount of personal records, but also essentially blackmail; aiming to silence something that the North Korean government didn’t like – namely the release of The Interview, a movie depicting an assassination attempt on Kim Jong-Un.

Most of the blame for state-sponsored cybercrime in 2014 has been with Russian or Chinese hackers. Whether private or state-sponsored, these hackers have attempted to access secret information from the United States government, military, or large American companies. Recently, Chinese hackers sponsored by the military were indicted for economic espionage by the U.S. Department of Justice.

Large data breaches

Along with the Sony breach, other notable companies that suffered from cybercrime include Home Depot, eBay, Michaels, Staples, Sally Beauty Supply, and others. A significant number of these breaches were begun months or years ago, but were revealed or discovered in 2014.

Nearly 110 million records were stolen from Home Depot; the largest ever breach of a U.S retailer. The cyber-heist included 56 million payment card numbers and 53 million email addresses.

JPMorgan Chase’s data breach impacted nearly 80 million households in the U.S., as well as 7 million small- and medium-sized businesses. Cybercriminals were able to gain access after stealing an employee’s password, reminiscent of the Target breach from 2013. This breach is said to be one of the largest breaches of a financial institution. The FBI is still investigating.

Financial and data stealing malware

GameOver Zeus, called the most infamous malware ever created, infected millions of Internet users around the world and has stolen millions of dollars by retrieving online banking credentials from the infected systems.

Tinba Trojan banking malware uses a social engineering technique called spearfishing to target its victims. The spam campaign targeted Bank of America, ING Direct, and HSBC customers using scare tactics to get customers to download a Trojan which gathered personal information.

Chinese hackers were at it again, and again, targeting South Korean banking customers with banking malware using a VPN connection. The customers were sent to a look-alike webpage where they were unknowingly handing cybercrooks their banking passwords and login information.

Software vulnerabilities

Many of the breaches that occurred in 2014 were because of unpatched security holes in software that hackers took advantage of. The names we heard most often were Adobe Flash Player/Plugin, Apple Quicktime, Oracle Java Runtime, and Adobe Acrobat Reader.

Avast’s selection of security products have a feature called Software Updater which shows you an overview of all your outdated software applications, so you can keep them up to date and eliminate any security vulnerabilities.

Ransomware steals email addresses and passwords; spreads to contacts.

Recently a lot of users in Russian-speaking countries received emails similar to the message below. It says that some changes in an “agreement’ were made and the victim needs to check them before signing the document.

The message has a zip file in an attachment, which contains a downloader in Javascript. The attachment contains a simple downloader which downloads several files to %TEMP% and executes one of them.
The files have .btc attachment, but they are regular executable files.

After downloading all the available tools, it opens a document with the supposed document to review and sign. However, the document contains nonsense characters and a message in English which says, “THIS DOCUMENT WAS CREATED IN NEWER VERSION OF MICROSOFT WORD”.

This question, from a small-site owner with tens or hundreds of visitors per day, is an unfortunate but all too familiar one.

One morning I started getting emails from my customers complaining that their antivirus reported my site as infected and won’t let them in. It must be some mistake because I don’t have an e-shop. There is just a contact form and information for customers. Is it possible that someone is attacking my business?

The answer, in most cases is, “You became part of an automatized network which leads your users to an Exploit Kit.” (explanation below)

Why do hackers attack small webpages when there are larger targets?

Small websites have a very low frequency of updates, and the possibility that somebody would find and fix malicious code is almost non-existent, which make them attractive targets to hackers. Hackers seek unpatched pages based on open-source solutions because they can attack them quickly and easily. These pages are later used for sorting users – by those who have vulnerable applications on their computer and by those who cannot be attacked – or simply to hide their true identity. Attackers close “the door” behind them by patching the vulnerability that leads them in and simultaneously create another backdoor, only for them, so the page does not show as suspicious when tested for vulnerabilities.

In general, there are three common types of hacking events a web administrator could encounter:

1. Defacement

This type is recognizable on the first look because the site has been changed to display a message from hackers showing off their skills and mocking the web administrator. This is usually a less harmful attack, and although your page was deleted, you don’t have any financial loss because the motivation for this attack was to show the lack of security on your pages and get credit from other hackers. People which make these attacks usually follow the rule, Don’t learn to hack, hack to learn.

For example, there are PHP shells that lets you select the method and reason of defacement and post it online. The image below shows part of a PHP-shell that sends statistics.

According to statistics from Zone-H, there were 1.5 million sites defaced during 2010, and the screenshot to the right shows the reasons for the attacks. A million and half seems like big number, but these are only documented attacks and the actual number would be much higher.

During the last few years, defacement has been used to display political or ethical opinions by attacking sites with lots of daily visitors. This is turn attracts media and gets as much attention as possible. Even antivirus companies are not spared, as you can read in a recent article about the hack against AVAST.

A YouTube video called Movies vs. Life compares scenes embellished with movie magic to their real-life equivalents. We like to think that an avast! Antivirus cameo during a computer hacking scene (pay attention around 0:22 seconds) is one of the reasons that this hilarious video has gone viral.

A round of applause from avast! to French comedy troupe Golden Moustache for producing this funny video.

Recently we encountered a very suspicious piece of code on some Joomla-powered webpages. The code looks as if garbled and without any special meaning, and starts like this:

Upon closer observation, several strange things are to be noted. First, there are no alphanumerical symbols to be seen in any part of the code. Second, on the line before this code starts, there is actually an HTML tag indicating a start of Javascript code (<script>), preceded by 37 tabs. Therefore, when opening an infected file in a text editor, one cannot normally see the starting tag, because it is shifted all the way to the right. To be able to see it, you either have to horizontal scroll, or have word wrap on. The same trick is performed with the script closing tag as well. Why would anyone try to hide these tags? The answer is simple, to trick people into thinking this is not actually a Javascript code.

Last month we wrote about a flaw in Microsoft’s Internet Explorer that could allow cybercrooks to take control of a Windows-based computer if the user browses to a malicious website. The website making news for that attack was the US-based think tank, the Council on Foreign Relations (CFR). Avast Virus Lab has since discovered that two Chinese human rights sites, a Hong Kong newspaper site, a Russian science site, and weirdly, a Baptist website (see the recent tweet) are also infected with the Flash exploit of IE8.

You can imagine the interesting audience that frequents sites such as these. The CFR, for example, attracts high ranking government officials including former presidents and secretaries of state, ambassadors, journalists, and leaders of industry. These sites were chosen on purpose; instead of targeting the general masses, like in a phishing attack, the perpetrators of a so-called “watering hole attack” target specific topics like defense or energy and lie in wait for persons of interest to visit, similar to a predator at a watering hole waiting for its victims to come to it. Read more…

When it comes to hotel security, I usually check two things: 1. Does the door open to an inside hallway or directly to the outside?, and 2. Does the room have a safe to store my passport and other valuables? Now, it seems, I have a third thing to think about: The electronic key.

Those sturdy plastic keycards have always seemed secure, and up to now, my only concern has been losing it, and having to ask the clerk at the front desk for a replacement. But recently, burglaries in American hotel rooms were linked to an electronic ‘hack’ which can open 4-5 million electronic locks in 200 hotel chains worldwide.

Back in July, at the Black Hat security conference, a Mozilla software developer exposed flaws he discovered in hotel room locks from the lock manufacturer Onity. He demonstrated the ability to break into rooms with a simple, cheap device that could be hidden in an iPhone case. Read how he did it. Since the summer, others have perfected the technique, and now thefts have taken place and an arrest was even made in Texas.

Your data is more important than the device it’s on

With all the devices we carry with us these days – I have a smartphone, laptop, and tablet – securing these gadgets is important. The most important thing about these devices is the data that’s on them, so before you leave on your travels, make sure you backup your files, photos, music, etc. Avast! BackUp is an online backup and recovery service that allows you to select sets of data or individual files you want to back up. You can quickly and easily restore files with the avast! BackUp software on your computer and you may also log in to your account online to restore files. Download a free trial here.

For your Android smartphones and tablets, make sure you install and setup avast! Free Mobile Security, our anti-theft and anti-malware app. It has special “stealth” and remote-access features, including lock, wipe and siren, as well as remote text commands, so you are protected against the loss or misuse of your phone. Get avast! Free Mobile Security for free from Google Play.

Other valuables, such as travel documents, can be placed in the hotel safe. But be aware that even those aren’t entirely secure. Reports have been made that some can be opened with a default code of all zeroes, 0000. Check it out next time. If you don’t trust the in-room safe or your items won’t fit, consider using the hotel front desk guest safes. If you don’t want to make use of a safe, make sure you bring luggage equipped with locks, so you can secure your valuables inside.

Do you have any other tips to keep your devices and yourself secure while staying in a hotel? Please share them.

It mostly happens in London, but I have seen it happen in Manila and Madrid too. My friends seem to travel a lot, and according to the tear-drenched emails, they have a tendency to get mugged. You might have seen it too – the “Stranded Traveler” message from a friend that goes something like this:

I’m writing this email with tears in my eyes, I came down to London for a program unfortunately, i was mugged at the park of the hotel where i stayed, all cash, credit and cell were stolen off me but luckily for me i still have my passport with me, I have no access to my account. I have been to the embassy and the police here but they are not helping issue at all and my flight leaves tomorrow night but i am having problems settling the hotel bills and the hotel manager won’t let me leave until i settle the bills. Am freaked out at the moment. I need about 2,250 pounds or any amount you can lend me to sort-out the bills, i will refund you as soon as i get back home.

I remember the first time I saw the message. It alarmed me with its urgency, and I felt compelled to help my friend get out of the mess. Questions about how to wire money to her darted through my mind. But then I remembered that I had just seen her post something on Facebook hours before, and she was most definitely not in London getting mugged.

Here’s what happened: Cybercrooks hacked into my friend’s Facebook and Yahoo accounts. They stole her identity, address books, changed her passwords, then sent out a message to all of her contacts using her email address.

This scam has happened so frequently, and there have been so many complaints, that the FBI issued a warning – over 2 years ago! Amazingly, the scam is still making its way through cyberspace (our CEO received one the other day), and the FBI says that they now have about 150,000 complaints on file. ABC’s Nightline actually answered one of the emails this summer and tracked what happened next. Read their account and watch the video here.

To avoid being a victim of this scam

Secure your passwords on all your email and social media accounts. If you have lots of user names and passwords to remember, you might like a password management system like avast! EasyPass.

Avoid clicking attachments in unknown emails.

If you get an email like this, call your friend to verify the authenticity of the message.